Detailed Action

1. This Office Action is in response to the Amendment filed on 07/01/2004. Claim
40 has been amended. Claims 1-51 are presented for examination. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act
of 1999 (AIPA) and the Intellectual Property and High Technology Technical
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting
directly or indirectly from an international application filed before November 29, 2000.
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior
to the amendment by the AIPA (pre-AIPA 35 U.S.C. 102(e)).

3. Claims 1, 18 and 35 are rejected under 35 U.S.C. 102(e) as being anticipated
by He et al. (US 6,088,451), herein after referred as He.

4. As to claim 1, He teaches a method for accessing a service in a distributed 
computing environment, comprising: 

a client receiving a capability credential (i.e., a list of user credentials retrieved 
from the registration database, enclosed in a credential ticket and sent back to the user 
in a response message), wherein said capability credential indicates that the client is 
allowed to access a portion of a first service's capabilities (He, C18:L34 - C19:L8); 

the client using said capability credential (i.e., the received credential ticket) to 
request an access interface document to access the first service (to access a specified 
network element 104 via a pull down menu) (He, C20:L14 - C21:L22);

the client receiving said access interface document, wherein said access 
interface document comprises an interface for accessing only said portion of the first 
service's capabilities (i.e., once in authorization is OK, the user is permitted to access 
pull down menus to identify those network elements to which is allowed to access); and

the client using the interface from said access interface document to access a 
capability from said portion of the first service's capabilities (i.e., the user can make an 
access request by selecting/clicking on one of the network elements listed by the pull- 
down menu) (He, C26: L58-65).

5. Claim 18 is a corresponding client device claim of method claim 1; therefore, it is
rejected under the same rationale. 

6. Claim 35 is a corresponding carrier medium claim of method claim 1; therefore, it 
is rejected under the same rationale. 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 2-17, 19-34 and 36-51 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over He, in view of Pulliam et al. (US 6,609,108), herein after
referred as Pulliam. 

9. As to claim 2, He teaches using said capability credential to request an access 
interface document as in claim 1, but does not explicitly teach sending an advertisement 
request message in a data representation, wherein said advertisement request 
message includes said capability credential.

In the related art, Pulliam teaches an online shopping communication schema for
communicating online orders, wherein a message client 924 (Fig. 10) is a multi- 
threaded HTTP process that provides the required functions to receive the XML 
formatted document (i.e., pull-down lists of makes and models as an access interface 
document to access to those makes and models), then generates and sends XML 
messages and application credentials to and from the locate server; and the listener 
902 of the server 821 (Fig. 9) accepts messages and provides support for 
authenticating whom the request is from using private key infrastructure (PKI) encrypted 
user credentials to allow or deny access to specific functions and data sets supported 
by the server based on the requestor's identity/credentials (Pulliam, C14: L34-45 and
C15: L38^2). 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to combine the teachings of He and Pulliam to request 
an access interface document by sending an advertisement request message in a data 
representation, wherein said advertisement request message includes said capability 
credential since such methods were conventionally employed in the art to submit 
request messages along with attached client/user's credentials to the security system 
for authentication requirement to obtain access to protected information and service. 

10. As to claim 3, He-Pulliam teaches the method of claim 2, wherein said data 
representation language is eXtensible Markup Language (XML) (Pulliam, C16: L40-50).

11. As to claim 4, He-Pulliam teaches the method of claim 2, further comprising in
response to receiving said advertisement request message, generating and sending an 
advertisement request response which includes a custom advertisement according to 
said portion of the first service's capabilities that the client is allowed to access (i.e.,
generating pull-down menus to identify those capabilities to which the client is allowed
to access) (He, C26: L58-65 and Pulliam, C13: L34-40).

12. As to claim 5, He-Pulliam teaches the method of claim 4, wherein said custom 
advertisement specifies an XML schema defining messages to be sent to and from the 
first service (i.e., the network element/server) (Pulliam, C15: L39-43 and C16: L40-50).

13. As to claim 6, He-Pulliam teaches the method of claim 1, further comprising the 
client receiving a protected advertisement for the first service, wherein said protected 
advertisement provides an address (i.e., through message exchanges with the 
authentication server 202, the user authenticates his/her identity to the network and
obtains the authentication ticket that contains, or redirects the user to, the address of 
credential server 204) to request said security credential, but does not provide said 
access interface document to access the service. (He, C17: L55-67 and C18: L1-23).

14. As to claims 7-10, He-Pulliam teaches the method of claim 6, further comprising 
the client sending a request for said security credential to said address for an 
authentication service that determines a level of capabilities of the first service that 
client is authorized to access (i.e., the user sends a message to the credential server
204 to request for a list of the user credentials) and generates said security credential to
grant access for the client to said portion of the first service's capabilities (i.e., upon
receiving the request message, the credential server 204 retrieves information from the
authentication ticket and based on the user identifier, the credential server 204 will
retrieve the list of user credentials from the registration database 210 and enclose the
list in a credential ticket to send back in a response message to the user) (He, C18:
L57-67 and C19: L1-31).

15. As to claim 11, He-Pulliam teaches the method of claim 6, wherein said protected
advertisement further provides an address (i.e., through message exchanges with the 
credential server 204 using the authentication ticket, the user obtains the credential 
ticket that contains, or redirects the user to, the address of network element access 
server 206) to request said access interface document to access the first service, 
wherein said using capability credential to request an access interface comprises 
sending an advertisement request message to said address to request said access 
interface document (He, C18: L57-67 and C19: L1-31).

16. As to claim 12, He-Pulliam teaches the method of claim 6, wherein receiving said 
protected advertisement from a space service (i.e., "realm" or network 106 of Fig. 2), 
wherein said space service comprises protected advertisements for a plurality of 
services (i.e., comprises plurality of different organizations on different types of network 
elements 104) including the first service (the specified network element 104), wherein
each protected advertisement specifies an address (address of the network security
server NNS 208) to request a security credential to allow access to a corresponding
service (He, C3: L4-9, C14: L62-67 and C15: L1-28).

17. As to claim 13, He-Pulliam teaches the method of claim 1, wherein said access 
interface document comprises a schema (i.e., XML schema) defining messages for 
accessing said portion of the first service's capabilities, wherein said using the interface 
from said access interface document to access a capability (i.e., using the pull down list 
to access available information/services) comprises sending a message according to 
said schema to the first service (Pulliam, C16: L40-50).

18. As to claim 14, He-Pulliam teaches the method of claim 13, wherein said 
message includes said capability credential (i.e., the list of user credentials contained in 
the credential ticket), the method further comprising the first service (i.e., the network 
element access server 206) using said capability credential to authenticate said 
message as from the client (He, C20: L28-67 and C21: L1-13).

19. As to claim 15, He-Pulliam teaches the method of claim 1, wherein said access 
interface document comprises a schema (i.e., XML schema) defining messages for 
accessing said portion of the first service's capabilities, wherein the client using said 
access interface document to construct a message gate for sending messages to the 
first service (i.e., a message client 924 provides the required functions to receive the
XML formatted document, then generates and sends XML messages and application
credentials to and from the server), wherein the message gate embeds said capability
credential in each message (Pulliam, C15: L38-43).

20. As to claims 16-17, He-Pulliam teaches the method of claim 15, wherein the 
message gate checks each message for compliance with said message schema, i.e., 
an XML schema (He, C16: L40-50).

21. Claims 19-34 are corresponding client device claims of method claims 2-17; 
therefore, they are rejected under the same rationale. 

22. Claims 36-51 are corresponding carrier medium claims for method claims 2-17; 
therefore, they are rejected under the same rationale. 


Response to Arguments

23. In the remarks, applicant argued in substance that

(A) Prior Art does not teach "the client using the interface from the access
interface document to access a capability from the portion of the service's capabilities". 

As to point (A), He (US 6,088,451) teaches a method for accessing a service in a
distributed computing environment, wherein upon successful completion of the login, 
the process transitions to an "Authorization O.K." state 506. Once in authorization O.K. 
state, the user is permitted to access pull down menus to identify those network 
elements to which is allowed to access. The user can make an access request by 
selecting/clicking on one of the network elements listed by the pull-down menu (i.e., the 
client using the interface from said access interface document to access a capability
from said portion of the first service's capabilities) (He, C26: L58-65). Hence, Prior Art 
does teach "the client using the interface from the access interface document to access 
a capability from the portion of the service's capabilities". 

(B) In regard to claim 2, applicant argued "Pulliam has nothing to do with a 
client requesting an interface document comprising an interface usable by the client to 
access only a portion of a service's capabilities". 

As to point (B), examiner submits that one cannot show nonobviousness by 
attacking references individually where the rejections are based on combinations of 
references. In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co.,
Inc., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

(C) Prior Art does not teach "generating a custom advertisement in response
to receiving the advertisement request message, the custom advertisement is 
generated according to the portion of the service's capabilities that the capability 
credential indicates the client is allowed to access, and sending an advertisement 
request response message to the client, wherein the advertisement request response 
message includes the custom advertisement as the access interface document". 

As to point (C), He teaches upon successful completion of the login (i.e., the
capability credential indicates the client is allowed to access), the system generates
pull down menus (i.e., the access interface document) to identify those network
elements to which the user is allowed to access, wherein network elements provide
valuable network resources and information (i.e., pull down menus of available
information/services to which the user is allowed to access such as available makes
and models as mentioned by Pulliam and/or any other custom advertisements). Then,
the user can make an access request by selecting/clicking on one of the network
elements listed by the pull-down menu (He, C26: L58-65 and Pulliam, C13: L34-40).

(D) Prior Art does not teach or suggest "a custom advertisement that specifies 
an XML schema defining messages to be sent by the client to the service and 
messages to be sent from the service to the client to use the portion of the service's 
capabilities". 

As to point (D), Pulliam teaches a message client is a multi-threaded HTTP 
process that provides the functions to receive the XML formatted document, then
generates and sends XML messages and application credentials to and from the locate
server (i.e., the service or the network element). Also, the locate process involves
generating and sending XML messages (i.e., generating and sending custom
advertisement XML messages) such as sending search request XML messages and
search response XML messages (Pulliam, C15: L39-43 and C16: L40-50).

(E) Prior Art does not teach or suggest "the client receiving a protected 
advertisement for the service, wherein the protected advertisement provides an address 
to request the security credential, but does not provide the access interface document 
to access the service". 

As to point (E), He teaches through message exchanges with the authentication 
server 202, the user authenticates his identity to the network and obtains the
authentication ticket that contains, or redirects the user to, the address of credential
server 204 (i.e., providing an address to request the security credential) (He, C17: L55-67
and C18: L1-23) which the user will use to communicate/exchange messages with
the credential server 204 to obtain the list of user credentials necessary for requesting 
access to network resources and information such as requesting the pull down menus 
listing available information/services to which the user is allowed to access (i.e., for 
requesting the access interface document to access the service) (He, C18: L39-41 and
C19: L32-35).

24. Applicant's arguments as well as request for reconsideration filed on 07/01/2004
have been fully considered but they are not deemed to be persuasive. 

25. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action.

26. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Quang N. Nguyen whose telephone number is (703) 
305-8190. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
SPE, Rupal Dharia, can be reached at (703) 305-4003. The fax phone number for the 
organization is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3800/4700. 

Quang N. Nguyen 




